wannacry 勒索病毒_WannaCry：勒索软件尸检

wannacry 勒索病毒

In a twist of irony, the global spread of WannaCry, the malware that recently attacked the NHS, was caused by spying tools leaked from the US’ National Security Agency (NSA).

具有讽刺意味的是，最近袭击NHS的恶意软件WannaCry在全球的传播是由美国国家安全局(NSA)泄漏的间谍工具引起的。

Highly infectious, WannaCry (also known as WannaCryptor and WCry) spread to at least 150 countries within a few hours. According to antivirus company, Avast, it took less than 24 hours to infect more than 100,000 Windows systems, 57% of them in Russia. Besides the NHS, its other high-profile victims included Telefonica, Santander, FedEx, Vodafone and Renault.

WannaCry(也称为WannaCryptor和WCry)具有高度传染性，可在数小时内传播到至少150个国家。 据反病毒公司Avast称，感染不到100,000个Windows系统仅用了不到24小时，其中有57％在俄罗斯。 除了NHS之外，其其他受害人还包括西班牙电信，桑坦德银行，联邦快递，沃达丰和雷诺。

Many organisations were forced to shut down systems and even production sites to prevent the spread of the virus, and the NHS was virtually paralysed by the attack, postponing operations and cancelling thousands of appointments at over 48 hospitals, medical centres and GP surgeries. Six hospitals were still experiencing difficulties the following day and diverting emergencies as a result.

许多组织被迫关闭系统甚至生产站点，以防止病毒传播，而NHS实际上因袭击而瘫痪，推迟了行动，并取消了48多家医院，医疗中心和GP外科诊所的数千个约会。 第二天，六家医院仍然遇到困难，因此紧急情况有所改观。

 

利用Windows SMB漏洞 (Exploiting Windows SMB Vulnerabilities)

WannaCry infects systems which operate on a vulnerable Windows Server and SMB (Server Message Block). It is spread using software the NSA had developed to spy with and which was stolen by a hacking group called the Shadow Brokers who then leaked it on the internet.

WannaCry感染可在易受攻击的Windows Server和SMB(服务器消息块)上运行的系统。 它是使用国家安全